Big deal, Canonical is a company that pushes a giant open-source project, and it not coincidentally has a lot of control over it and uses its name in a service they offer (it's not even necessarily a paid service - I believe the 2gb plan is free!). I think they've earned that much.

Please now consider standardising on this. It's much better technically than Debian's current infrastructure, and will enable much, much easier sharing of patches. Finally the community could be reunified a bit, and PPAs for Stable would also be an important improvement for Debian.

That's ass backwards. We need *more* PPAs with the latest versions. What's missing is an easy way to pick them from a checklist while automatically fetching GPG keys. This way you have something like an open app store, and it solves the problem of not having recent enough versions in the repository - you need a bleeding edge version, you check the relevant PPA and the latest bells and whistles magically appear in the package manager.

Personally I'm waiting for them to add better integration of PPAs into Synaptic. For example, when I need a bleeding edge version of Banshee, or some application not in Debian like Handbrake, I pick its PPA from a list, enter the password and it magically appears in Synaptic. After this I'm asked which programs from this PPA I want to install (again a list for PPAs that have several). Since it allows only PPAs and not some arbitrary repositories, it could be protected against malware to some extent. This wo

The problem with this is that PPA means "Personal" Package archive and a lot of them are just that - an arbitrary repository. In many cases you are trusting some random stranger, and not Canonical, to have produced a package that doesn't contain horrendous malware. Every Launchpad user is entitled to a 1GB PPA just by signing up. Mine contains packages for MythTV with patches to fix a bug that hasn't made it out to the stable branch yet. You can install them if you really want to, but do you trust me? And how do you distinguish from all the other people with MythTV in their PPA?

Lots of projects have links to deb packages that install their GPG key and their PPA, after which you can see them in Synaptic, but this still isn't any guarantee. About the only thing you can do is be careful which groups you install keys and PPAs from. And I'd guess the reason that more of them aren't in the Universe repository is that the task of vetting them all is a mammoth one.

Lots of projects have links to deb packages that install their GPG key and their PPA, after which you can see them in Synaptic, but this still isn't any guarantee. About the only thing you can do is be careful which groups you install keys and PPAs from.

I'm curious if anyone thinks the "web of trust" around signing other GPG keys could work here. The idea being that more trustworthy PPA members would have their keys signed by many others, while less reputable PPA members would have limited key signatures. This would essentially be a rating system of trust for PPAs.

I know when I add a new PPA, I try and do a bit of research (e.g. find a lot of links to, or comments about, the PPA) that makes me feel better about trusting some third party binary.

Personally I'm waiting for them to add better integration of PPAs into Synaptic.

Well unless the authors become dumbasses overnight, you'll probably be waiting a long time. Package management needs to be a single coherent database, making it much more distributed than it needs to be is just asking for pain... PPAs/KoPeRs aren't terrible in moderation, and solve a couple of problems. But if you make them easily available (ie. available to people who don't know what problems they cause) the solution is much

... PPAs/KoPeRs aren't terrible in moderation, and solve a couple of problems. But if you make them easily available (ie. available to people who don't know what problems they cause) the solution is much worse than the problem.

I agree PPA are good if you want the newest software and understand that installing these packages might break your system... People who don't understand that shouldn't be using PPAs...

"This is a free software, copyleft license. Its terms effectively consist of the terms of GPLv3, with an additional paragraph in section 13 to allow users who interact with the licensed software over a network to receive the source for that program. We recommend that developers consider using the GNU AGPL for any software which will commonly be run over a network."
http://www.fsf.org/licensing/licenses/index_html#GPLCompatibleLicenses

Here's my issue with the AGPL: it imposes restrictions on you even if you don't distribute the software. Free Software advocates (myself included) have always insisted the GPL was beneficial because it granted you rights that you didn't have to begin with under copyright law, and so you were always free to reject it and still use the software.

But the AGPL says you have to release source if you run the code on a server exposed to the public... That's scarily close to a EULA: it takes away rights you have

The relevant language in the AGPL technically sidesteps this problem, although I'm not sure whether it addresses the spirit of your concern. The key point is section 13:

Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.

So, the rule is that you can't modify AGPL software to remove an offer to provide source code to networked users; it's not technically a restriction on use, but rather on modification. The odd thing is that it applies to a modification that isn't distributed. Asserting the ability to use copyright to restrict that kind of modification is ver

It makes sense to me. Imagine something like Facebook, but on a much smaller scale, got open-sourced with the AGPL. Then someone took it, made a lot of improvements, and started a new site to compete with it. They're benefiting from the source, but they aren't giving back, because their modified code runs on their server and provides a service to others over the net. They aren't distributing the code, but they're distributing the resulting service, and no one else can also benefit from the improvements

I didn't say anywhere that AGPL prevents you from modifying software. The concern is that, by relying on the same legal reasoning that allows other software producers to use EULAs to restrict people's use of their software, the AGPL might have the unintended consequence of reinforcing these restrictions.

So when (assuming it was under the AGPL rather than the GPL) I modify my Drupal settings.php file to include the connection string to my database, do I have to share that with my site visitors? Or do passwords want to be free as well?

The legal advice the Drupal community has got from the FSF with regards to the GPL is that with PHP apps any PHP include files fall under their linking clauses and are subject to the GPL as well. Which means that every Drupal (and also many other similar PHP apps) sites out the

So when (assuming it was under the AGPL rather than the GPL) I modify my Drupal settings.php file to include the connection string to my database, do I have to share that with my site visitors?

Then modify the software to store the passwords in a container other than a PHP source code file, and share your modification with your users. This container might be a JSON or XML document, which is deemed data, not code, under the license.

The relevant language in the AGPL technically sidesteps this problem, although I'm not sure whether it addresses the spirit of your concern... it's not technically a restriction on use, but rather on modification.

Yeah again, it's trying to take away a right I had (modification without distribution, that's ok under default copyright law, right?). So if I reject the AGPL and use the code anyway, am I doing anything wrong, from a legal point of view?

But the AGPL says you have to release source if you run the code on a server exposed to the public... That's scarily close to a EULA: it takes away rights you have (the right to use the code given to you; the intermediate copying steps are protected in part explicitly by law and in part implicitly under fair use).

When a computer program is used interactively over a network, one could argue that it is performed publicly. Performing a work publicly is the exclusive right of the copyright owner.

A customer of mine was skeptical about open source. Then one of their people started reading the Affero GPL, and was terrified ("this means they can do a surprise inspection on our premises!") now anything with GPL or open source is out of the question. They even bought an xserve for php

You mean as opposed to the Business Software Alliance? Which you agree to allow to do a surprise inspection on your premises if you buy software from their members (Microsoft, Adobe, etc). Yeah they better not use open source because, you know, those guys might launch a surprise inspection, not that I have ever seen a report of them doing so (unlike the BSA), but they might.
So they better stick to safe software from Microsoft and Adobe, they would never invade the privacy of their customers (except of course when they can make money from doing so).

It's not quite like that - we had a surprise inspection from Microsoft... well, they surprised us by telling us we'd be inspected, and they kindly offered to come and do an analysis of our software licences to see which ones we'd accidentally forgotten to buy.

Unfortunately, the analysis required the use of a 3rd party who were very happy to charge us only a reasonable sum to let us run a licence-checker tool on every workstation and send the results to them where they'd put it in excel and tell us how many licences we should have bought, leaving us to compare that to the number we had bought.

So in effect, we had to pay to inspect ourselves. And we still owe MS a bundle!

Show me any time open software has done anything like what the BSA/Microsoft did to the makers of Music Man guitars (Ernie Ball) and we'll talk:
http://news.cnet.com/2008-1082_3-5065859.html
Worrying about what could happen is one thing, but knowing what has happened is more significant.

Your customer's management got fudded.
Which is one reason that IT managers should be well grounded in the people they manage. Letting a higher up get politically bullshitted into pushing his subbies the wrong way is just plain not good.

I don't get it. Buying a X serve doesn't undo the GPL for the GPL'ed stuff that Apple uses (like PHP), does it? It just means some stuff is proprietary (like the OSX kernel) running with a lot of GPL stuff on top of it.

This is actually the first clever use of AGPL I am aware of: it prevents a competitor from forming around an altered version of Launchpad. If they try, they have to give it to their users and thus Canonical.

It is clearly less free than the GPL just as the GPL is less free than BSD.

Whether it is free enough to count as free is a matter of opinion.

Less free to whom? To the end user it is just the same, as they don't intend to redistribute the software. To some user who wants to distribute the code, it's less free. To the original developer, no; it gives him the freedom to choose how his code is being distributed.

The GNU Affero General Public License is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software.

Hm, kind of like GitHub in that regard, then. The nice thing about just picking one source code mgmt system is that you can write a good UI specifically for it. Of course, the cost is that folks have to move over from Subversion or whatever.

I don't understand why people have to move. PPA isn't exclusive of Subversion, or any other system, is it? I have some PPAs on my systems, some Subs, I mostly use Synaptic for overall management, but sometimes I find myself going CLI with apt-get - especially when dependencies just won't "resolve themselves". If/when PPA can do everything a person might want to do, then a lot of people probably will move. But, I don't see this happening soon, nor do I see it being a unanimous mass movement. Maybe amo

First problem is they require bzr 1.16.1 to download their rocket-fuel-setup script, the latest available version in the Ubuntu repo is 1.13.1 -- so you have to manually add the PPA source.
Why do they not have the version *they* use in the repo for *their* operating system?

That aside, the rocket-fuel script then downloads, unpacks, installs, alters and generally takes too long. And if that wasn't enough...

## Note that this will make changes to your Apache configuration if
## you already have an Apache server on your box. It will also add
## entries to /etc/hosts and it will setup a postgresql server on
## you box.
## If you want to play safe with regards to your existing Apache,
## try this out in a virtual environment first.

And because there's no way to just _get the source_ (ie. a tarball with source files in it) there's no way to download it without screwing with Apache.

How about a way to browse it online? I just wanted to see what language it was in, according to the docs it's Python but it would have been nice to be able to take a look at it without spending "a few hours to get everything" jumping through hoops.

First problem is they require bzr 1.16.1 to download their rocket-fuel-setup script, the latest available version in the Ubuntu repo is 1.13.1 -- so you have to manually add the PPA source.

Why do they not have the version *they* use in the repo for *their* operating system?

Don't be a drama queen now, 1.16.1 was only recently released and you know Ubuntu policy about stable releases.

And because there's no way to just _get the source_ (ie. a tarball with source files in it) there's no way to download it without screwing with Apache.

bzr get lp:launchpad

Is that easy enough for you? ;)

How about a way to browse it online? I just wanted to see what language it was in, according to the docs it's Python but it would have been nice to be able to take a look at it without spending "a few hours to get everything" jumping through hoops.

Thank you. Why do they not have this info in their announcement?
I was in the process of checking out the code using:
bzr branch http://bazaar.launchpad.net/~launchpad-pqm/launchpad/devel/
Which I found after looking in the code for the setup script, but that's exactly what I wanted.

And because there's no way to just _get the source_ (ie. a tarball with source files in it) there's no way to download it without screwing with Apache.

Once you've got bzr 1.16.1 or later you can do bzr branch lp:launchpad to get the Launchpad code. That's pretty easy. Then, if you find yourself fixing a bug, you have a working tree in which to commit your changes. A tarball is a static lump with no history and no future, and if you want tomorrow's code, you'll have another big tarball to download.

Did Google's Chrome OS have something to do with this move? I think so. Why, you may ask? Because entry of another Linux based Open Source OS into the Linux playground does nothing to further Canonical's ambitions.

Now waiting on Adobe and its Flash Technologies to do likewise.

What on earth are you talking about? This has nothing to do with a desktop operating system. Furthermore, Canonical promised a year ago tomorrow to release the source code within a year. This pre-dates the announcement of Chrome OS by at least 11 months.

Actually they promised something like four years ago (give or take a few months), but only set a date for its open sourcing about 7 months ago. They were behind their own deadline, but they also released the source for Soyuz and Code Hosting, so I guess they spent those extra few weeks well.

No, I think it was more that Microsoft contributed code to the Kernel and they didn't want to be accused of having closed-sourced software when even Microsoft was opening up. Or maybe it was the vulnerabilities found in the Kernel, they decided if exploits could slip into the most-watched open source project they need to get more eyes on their code. It could have even been that because the world is supposed to end in 2012, but I think I would be drawing a correlation where there isn't one if I said that.

People from slashdotters, to bloggers, to self appointed tech reviewers, to wall street lackwits try to read drama into everything that happens in the computing world. A new Firefox is the IE Killer, Chrome was the FF and IE killer, Android was the iPhone killer, etc ad nauseam. It's almost as if people DEMAND that one killer OS, and a handful of killer apps rule the world. God help us if that ever does happen. It would be pure hell trying to be "different". It would be like - like - well - it would be

Is it the code to the Launchpad site itself? Like I could use a copy of it to manage and track bugs and development on my own projects? Or are they talking about some kind of framework / os that Launchpad runs on?

As far as I can tell from my limited browse of Launchpad, it seems like an alternative to Sourceforge, no?
